In 2025, Microsoft began notifying Dynamics 365 Business Central customers still relying on SMTP Basic Authentication that this outdated authentication method will be retired on March 1, 2026. These reminders are part of a broader push toward stronger security and modern authentication standards — specifically OAuth 2.0.
If your Business Central setup still uses traditional SMTP with a username and password, now is the time to plan and execute the move to Modern Authentication. In this post, I’ll explain why this change matters, what you need to do, and how to ensure a smooth transition.
🔒 Why Move to OAuth 2.0?
Microsoft’s announcement emphasizes several reasons for this shift:
- Basic Auth is insecure and susceptible to attack. Username/password combos don’t protect against modern threats.
- OAuth 2.0 uses token-based authentication, eliminating stored passwords and lowering risk.
- It supports Multi-Factor Authentication (MFA) and Conditional Access policies — a must-have for security best practices.
- Business Central’s modern email infrastructure works seamlessly with OAuth.
- After March 1, 2026, Basic Auth will stop working, causing email failures if not updated.
This means organizations that delay migration risk disruption to key processes such as automated emails, sales communication, notifications, and workflows.
Step-by-Step Migration Guide
Here’s a recommended approach for transitioning your email setup in Business Central to OAuth 2.0.
1. Audit Your Current Email Configuration
Determine if your system uses:
- SMTP Mail Setup with username and password
- Direct SMTP server entries (e.g., smtp.office365.com)
- Custom AL code that references the legacy SMTP Codeunit
- Job queues configured for SMTP email sending
If so, your environment will need updating.
2. Switch to Modern Email Accounts
Microsoft suggests adopting one of Business Central’s built-in OAuth-enabled account types:
✔ Microsoft 365 Email Account (OAuth)
✔ Shared Mailbox Email Account (OAuth)
To configure:
- Go to Tell Me → “Email Accounts”
- Click New
- Choose Microsoft 365
- Sign in using OAuth
- Approve the Microsoft consent prompts
- Set the account as your default email account
This removes your dependence on SMTP Basic Authentication and aligns with the modern security paradigm.
3. (Optional) Azure Active Directory App Registration
For advanced scenarios — like centralizing email automation accounts or supporting external systems — you may need an Azure AD App Registration:
- Register a new application in the Azure portal
- Add permissions such as:
  - SMTP.Send
  - offline_access
  - openid, profile, and email scopes
- Add a redirect URI, e.g. https://businesscentral.dynamics.com/oauth/redirect
- Grant admin consent
This allows OAuth authentication to access email on behalf of users securely.
4. Update Business Central to Use the New OAuth Email Account
Once your OAuth account is ready:
- Disable old SMTP configurations
- Update email workflows, job queues, and report selections to use the OAuth-enabled account
- Remove references to legacy SMTP mail settings
- Ensure modules like Sales, Purchasing, and Notifications point to the new account.
5. Refactor Custom AL Code (if applicable)
If you have custom email logic using the legacy SMTP Codeunit (Codeunit 400):
- Replace it with the modern Email Message, Email Account, and Email Outbox objects.
- These leverage Business Central’s built-in email framework, which automatically uses OAuth tokens.
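To locate the custom code that steps 1 and 5 refer to, the following added example (not from the original post or from Microsoft) scans AL source files for references to Codeunit 400 and the SMTP Mail Setup record while ignoring mentions inside `//` comments. The quoted object name "SMTP Mail", the sample AL source, and all function names are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Legacy objects named in this post; "SMTP Mail" is assumed to be the quoted
# name under which custom code declares Codeunit 400.
LEGACY_PATTERNS = {
    "legacy SMTP codeunit": re.compile(r'\bcodeunit\s*(?:::)?\s*(?:400\b|"SMTP Mail")', re.I),
    "SMTP Mail Setup": re.compile(r'"SMTP Mail Setup"', re.I),
}

# Constructed sample AL source, for illustration only.
SAMPLE_AL = '''codeunit 50100 "Order Mailer"
{
    procedure SendConfirmation()
    var
        SMTPMail: Codeunit "SMTP Mail";
        SMTPSetup: Record "SMTP Mail Setup";
        HelpUrl: Text;
    begin
        HelpUrl := 'https://example.invalid'; // old note: Codeunit 400
        SMTPMail.Send();
    end;
}
'''

def strip_line_comment(line):
    """Drop a trailing // comment, ignoring // inside 'single-quoted' AL text."""
    in_text = False
    for i, ch in enumerate(line):
        if ch == "'":
            in_text = not in_text
        elif not in_text and line.startswith("//", i):
            return line[:i]
    return line

def scan_source(source, filename="<memory>"):
    """Return (filename, line number, label, code) for each legacy reference."""
    findings = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        code = strip_line_comment(raw)
        for label, pattern in LEGACY_PATTERNS.items():
            if pattern.search(code):
                findings.append((filename, lineno, label, code.strip()))
    return findings

def scan_tree(root):
    """Scan every .al file under root."""
    findings = []
    for path in sorted(Path(root).rglob("*.al")):
        text = path.read_text(encoding="utf-8", errors="replace")
        findings.extend(scan_source(text, str(path)))
    return findings

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_source(SAMPLE_AL, "sample.al")
    for filename, lineno, label, code in hits:
        print(f"{filename}:{lineno}: {label}: {code}")
```

Run it with the path to an AL project folder to list each file and line that still needs refactoring; an empty result after step 7 is a quick regression check.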
6. Perform Comprehensive Testing
Before removing legacy configurations:
✔ Send test emails
✔ Test sales and purchase emails
✔ Validate approval workflow notifications
✔ Execute job queue auto-emails
✔ Check shared and delegated mailbox scenarios
7. Clean Up Legacy SMTP Setup
Once everything is validated:
- Remove old SMTP credentials
- Delete SMTP server entries
- Update procedures and documentation to ensure teams don’t inadvertently revert to Basic Auth
- Lock down or disable deprecated configurations.
🌟 Benefits of Migrating to OAuth 2.0
By transitioning now, you unlock clear advantages:
✔ Enhanced token-based security
✔ No more stored passwords
✔ Support for MFA and Conditional Access
✔ Compliance with modern authentication standards
✔ A future-proof Business Central environment
🗓 Deadline: March 1, 2026
Microsoft’s deadline isn’t just a suggestion — it’s a turning point where Basic Auth will cease to function for SMTP in Exchange Online. If you haven’t migrated by then, emails sent from Business Central may fail, impacting business communications and automated processes.
🚀 Final Thoughts
Migrating your Business Central email setup to OAuth 2.0 is a critical upgrade that boosts security, aligns with Microsoft’s roadmap, and protects your business from the risks associated with legacy authentication. With planning, testing, and a staged migration approach, you can make the transition smoothly — and gain long-term operational resilience.
If you want help with detailed custom migration steps, configuration scripts, or AL refactoring guidance, feel free to ask!